INTRODUCTION-an overview of Auditing
Economic decisions in every society must be based upon the
information available at the time the decision is made. For
example, the decision of a bank to make a loan to a business is
based upon previous financial relationships with that business, the
financial condition of the company as reflected by its financial
statements and other factors.
If decisions are to be consistent with the intention of the
decision makers, the information used in the decision process must
be reliable. Unreliable information can cause inefficient use of
resources to the detriment of the society and to the decision
makers themselves. In the lending decision example, assume that the
bank makes the loan on the basis of misleading financial statements
and the Borrower Company is ultimately unable to repay. As a result
the bank has lost both the principal and the interest. In addition,
another company that could have used the funds effectively was
deprived of.the money.
As a means of overcoming the problem of unreliable information,
the decision-maker must develop a method of assuring him that the
information is sufficiently reliable for these decisions. In doing
this he must weigh the cost of obtaining more reliable information
against the expected benefits.
A common way to obtain such reliable information is to have some
type of verification (audit) performed by independent persons. The
audited information is then used in the decision making process on
the assumption that it is reasonably complete, accurate and
unbiased.
The word Audit is derived from the Latin word Audire which means
to here. In olden days, whenever the owner of the business suspects
the frauds, they appoint independent and impartial person who uses
to hear the explanation given by the accountant. Such person was
known as Auditor.
1|Page
Auditing may be defined as,
A careful and critical examination of books of accounts by a
properly qualified person on the basis of proper evidence so as to
express an opinion (i.e. views) about the truth and fairness of
financial statements.
2|Page
ORIGIN AND EVOLUTION OF AUDITING
1) Origin of term :
The term audit is derived from the Latin term audire mean to
hear. In early days, an auditor used to listing to the account read
out by the accountant in order to check them.
2) Ancient origin :
Auditing is as old as accounting. It was in use in all ancient
countries such as Mesopotamia, Egypt, Greece, Rome, U.K., and
India. The Vedas,Ramayana, Mahabharata contain references to
accounting and auditing. Arthashasastra by Kautilya gives detailed
rules for accounting and auditing of public finances. The Mauryas,
the Guptas and the Mughals had developed and accounting and
auditing system to control state finances. Thus, basically,
accounting and auditing had their origin in the need for the
government to control the income and expenditure of the state and
the army. The original object of auditing was to detect and prevent
errors and frauds.
3) Compulsory audits of companies:
With increasing number of companies, the companies acts in
different countries began providing for compulsory audit of
accounts of companies. Thus U.K. audit of accounts of limited
companies became compulsory in 1900. In India, the companies act,
1913 made audit of company accounts compulsory. With increase in
size of companies, the object of audit also shifted to ascertaining
whether the accounts were true and fair rather than true and
correct. Thus, the emphasis was not arithmetical accuracy but on
fair representation of financial affairs.
3|Page
4) Development of accounting and auditing standard:
The international accounting standards committee and the
accounting standards board of institute of chartered accountant of
India have developed standard accounting and auditing practices to
guide the accountants and auditor in their day-to-day work.
5) Computer technology: The latest development in auditing
pertains to the use of computers in accounting as well as
auditing.
Really, auditing has come a long way from hearing the accounts
in the ancient day to using computers to examine computerized
accounts of today.
4|Page
DEFINITION OF AUDITING
Various persons such as the owners, shareholders, investors,
creditors, lenders, government etc. use the final account of
business concern for different purposes. All these users need to be
sure that the final accounts prepared by the management are
reliable. An auditor is an independent expert who examines the
accounts of a business concern and reports whether the final
accounts are reliable or not. Different authorities have defined
auditing as follows.
Mautz define the auditing as auditing is concerned with the
verification of accounting data, with determining the accuracy and
reliability of accounting statement and reports.
International auditing guidelines defines the auditing as
auditing is an independent examination of financial information of
any entity with a view to expressing an opinion thereon.
5|Page
BASIC PRINCIPLES OF AUDITING
1) Integrity, objectivity and independence:
The auditor should be honest and sincere in his audit work. He
must be fair and objective. He should also be independent.
2) Confidentiality:
The auditor should keep the information obtained during audit,
confidential. He should not disclose such information to any third
party. He should, keep his eyes and ears open but his mouth
shut.
3) Skill and competence:
The auditor should have adequate training, experience and
competence in Auditing. He should have a professional qualification
( i.e. be a Chartered Accountant) and practical experience. He
should be aware of recent developments in the field of auditing
such as statement of ICAI, changes in company law, decisions of
courts etc.
4) Working papers:
The auditor should maintain working papers of important matters
to prove that audit was conducted with due care according to the
basic principles.
6|Page
5) Planning:
The auditor should plan his audit work. He should prepare an
audit programmed to complete the audit efficiently and in time.
6) Audit evidence:
The report of the auditor should be base on evidence obtained in
the course of audit. The evidence may be obtained through vouching
of transactions, verification of assets and liabilities, ratio
analysis etc.
7) Evaluation of accounting system and internal control:
The auditor should ensure that the accounting system is
adequate. He should see that all the transaction has been properly
recorded. He should study and evaluate the internal controls.
8) Opinion and report:
The auditor should arrive at his opinion on the account based on
the audit evidence and submit his report. The opinion may be
unqualified, qualified or adverse. The audit report should clearly
express his opinion. Law should require the content and form of
audit report.
7|Page
ADVANTAGES OF AUDITING
1) Assurance of true and fair accounts:
Audit provides an assurance to the various users of final
accounts such as owners, management, creditors, lenders, investors,
governments etc. that the accounts are true and fair.
2) True and Fair balance sheet:
The user accounts can be sure that the assets and liabilities
shown in the audited balance sheet show the concern, as it is i.e.
neither more nor less.
3) True and fair profit and loss account:
The user can be confident that the audited profit and loss
account shows the true amount of profit or loss as it is i.e.
neither more nor less.
4) Tally with books:
The audited final account can be taken to tally with the books
of accounts. Thus, the income-tax officer can start with the figure
of audited books profit, make adjustments and compute the taxable
income. An outside user need not go through the entire books.
8|Page
5) As per standard accounting and auditing practices:
The audited final accounts follow the standard accounting and
auditing principles laid down by professional bodies. Thus, audited
accounts are based on objectives standard and not on personal whims
and fancies of a particular accountant or auditor.
6) Detection and prevention of errors and frauds:
Audited accounts can be assumed reasonably free from errors and
frauds. The auditor with his expert knowledge would take due care
to see that Errors and frauds are detected so that the accounts
shoe a true and fair view.
7) Advice on system, taxation, finance:
The auditor can also advise the client about the accounting
system, internal control, internal check, internal audit, taxation,
finances etc.
9|Page
LIMITATIONS OF AUDITING
1. An auditor cannot check each and every transaction he has to
check only the selected areas and transaction on a sample
basis.
2. Audit evidence is not conclusive in nature thus confirmation
by a debtor is not conclusive evidence that the amount will be
collected. It is said evidence is rather than conclusive in
nature.
3. An auditor cannot be expected to discover deeply laid frauds
usually involves acts designed to conceal them such as forgery ,
celibate failure to record transactions, false explanation and
hence are difficult to detect.
4. Audit cannot assure the users of account about the future
profitability, prospects or the efficiency of the management.
5. An auditor has to rely upon expert auditor may have to rely
on expert in related field such as lawyers, engineers, values etc.
for estimating contingent liabilities, valuation of fixed assets
etc.
10 | P a g e
AUDIT COMMITTEE
In pursuance of RBI circular September 26, 1995, a bank is
required to constitute an Audit Committee of its Board. The
membership of the audit committee is restricted to the Executive
Director, nominees of Central Government and the RBI, Chartered
Accountant director and one of the non-official directors.
One of the functions of this committee is to provide direction
and oversees the operations of the total audit function in the
bank. The committee also has to review the internal inspection
function in the bank, with special emphasis on the system, its
quality and effectiveness in terms of follow up. The committee has
to review the system of appointment and remuneration of concurrent
auditors.
The audit committee is, therefore, connected with the
functioning of the system of concurrent audit. The method of
appointment of auditors, their remuneration and the quality of
their work is to be reviewed by the Audit Committee. It is in this
context that periodical meeting by the members of the audit
committee with the concurrent auditors help the audit committee to
oversee the operations of the total audit function in the bank.
Considering the coverage of this audit assignment and the
specialized nature of work there is also a need for training to be
imported to the staff of the auditors. This training has to be
given in specialized field such as foreign exchange,
computerization, and areas of income leakage, fraud prone areas,
determination of credit rating and other similar specialized areas.
The bank can organize such training programmed at various places so
that it can ensure the quality of audit.
11 | P a g e
INTERNAL CONTROL IN CERTAIN SELECTED AREAS
General
The staff and officer of a bank should lift form one position to
another frequently and without prior notice. The work of one person
should always be checked by another person in the normal course of
business. All arithmetical accuracy of the book should be proved
independently every day. All bank form (e.g. books, demand draft
book, travellers cheque, etc.) should be kept in the possession of
an officer, and another responsible officer should occasionally
verify the stock of such stationary.
The mail should be opened by responsible officers. Signature on
all the letters and advice received from other branches of the bank
or its correspondence should be checked by an officer with
signature book.
The signature book of the telegraphic codebook should be kept
with responsible officers, used, and seen by authorized officers
only.
The bank should take out insurance policies against loss and
employees infidelity. The power of officers of different grade
should be clearly defined. There should be surprise inspection of
office and branches at periodic interval by the internal audit
department. The irregularities pointed out in the inspection
reports should be promptly rectified.
12 | P a g e
Cash:
Cash should be kept in the joint custody of two responsible
people. In addition to normal checking by the chief cashier, cash
should be test checked daily and counted in full occasionally by
responsible officers unconnected with the balanced shown the
balanced shown by the daybook every day.
The cashier should have no access to the ledger account and the
daybook. This is an important safeguard. Bank management are often
tempted to used cashier because of their shorter working hours as a
ledger clerks in the absence of regular staff on leave, etc. This
cash can be a very expensive price of economy.
Clearings:
Cheques received by the bank in clearing should with the list
accompanying them independent list should be prepared for cheques
debited to different customers account and those return unpaid and
these should be checked by officers.
The total numbered and amount of cheques sent out the bank for
clearing should be agreed with the total of the clearing
pay-in-slip, by an independent person. The unpaid cheques received
back return clearing should be checked in the same manner as the
cheques received.
Constituent ledger:
Before making payment, cheques should properly checked in
respect of signature, date, balanced in hand etc. and should be
passed by an officers and entered into constituents account.
No withdrawal should normally be allowed against cheques
deposited on the same day.
13 | P a g e
An officer should check all the entries made in the ledger with
the original document particularly nothing that the correct account
have been debited or credited. Ledger keeper should not have access
to voucher summary sheet after they have been checked by an officer
and to the daybook. Interest debited or credited to constituent
account should be independently checked.
Bill of collection:
All documents accompanying the bill should be received and
entered in the register by a responsible officer. All the time of
dispatch, the officer should also see that all document sent along
with the bills.
The account of customers or principals should be credited only
after bills have been collected or an advice to that effect
received form the branch or agent to which they were sent for
collection.
It should be ensured that bills sent by one, branch for
collection to another branch of the bank, are not in the collection
twice in the amalgamated balance sheet of the bank. For this
purpose, the receiving branch should reverse the entries such as
bills at the end of the receiving branch at the end of the year fir
closing purposes.
Bill purchased:
At the time of purchased of bill, an officer should verify that
all the document of titles are properly assigned to the bank.
Sufficient margin should be kept while purchased or discounting
a bill to cover any decline in the value of the security etc. If
the bank is unable to collect a bill on the due date, immediately
step should be taken to recoveries the amount form the drawer
against the security provided. All irregular outstanding account
should be reported to the head office. 14 | P a g e
In the case of purchased outstanding at the close of the year
discount received thereon should thereon should be properly
apportioned between years.
Loan and advances:
The bank should make advances only after satisfying itself as to
the creditworthiness of the borrowers and after obtaining sanction
from the proper authorities of bank. The entire necessary document
(e.g. agreement, demand promissory note, letter of hypothecation
etc.)
Sufficient margin should be kept against securities taken to
cover any decline in the value thereof and also to comply with
proper authorities of directives. Such margin should be determined
by the proper authorities of the bank as a general policy or for
particular account.
All the securities should be received and returned by
responsible officer. They should be kept in the joint custody of
two such officer In the case of good in possession of the bank,
content of the package should be test checked at the time of
receipt.
Surprise check should be made in respect of hypothecated goods
not in the possession of the bank. Market value of good should be
checked by officer of the bank by personal enquiry in addition to
the invoice to the invoice value given by the borrowers. As soon as
any increased or decreased takes take place in the value of
securities proper entries should be made in the drawing power book
and daily balance book. These entries should be checked by an
officer.
All account should be kept within both the drawing power and the
sanctioned limit at all times. At the account, which exceed the
sanctioned limit or drawing power or are against unapproved
securities or are otherwise irregular, should be brought to the
notice of the management/head office regularly. 15 | P a g e
Demand draft:
The signature on demand draft should be checked by an officer
with signature book. All the best demand draft sold by should be
immediately confirmed by the advice to the branches concerned. If
the branches does not receive does not received proper confirmation
of ant demand draft form the issuing branch or does not received
credit in its account with that branches, it should take immediate
step to ascertain the reason.
Inter branch account:
The account should be adjusted only on the basis of application
with reasonably good credit assessment. Prompt action should be
taken preferably by central authorities, if any entries are not
reasonably time.
Credit card operation:
There should be effective screening of application with
reasonably good credit assessment. There should be strict control
over storage and issues of card. There should be at system whereby
a merchant confirm the statues of utilized limit of a credit card
holder form the bank before accepting the settlement in case the
amount to be settled exceed a specified percentage of the total
limit of the credit holder.
There should be system of prompt reporting by the merchant of
all settlement accepted by them through credit cards.
16 | P a g e
Reimbursement to merchants should be made only after
verification of the validity of merchant acceptance of card. All
the reimbursement should be made immediately charged to the
customers account. There should be a system to ensure that
statements are sent regularly and promptly to the customers. There
should be a system to monitor and follow up customer payment. Items
overdue beyond a reasonable period should identification and
attended to carefully. Credit should be stopped by informing the
merchant through periodic bulletin, as early as possibly to avoid
increased losses.
There should be a system of periodic review of credit card
holder account. On the basis, the limit of customer may be revised;
it necessary, the review should also includes determination of
doubtful amount and the provisioning in respect thereof.
17 | P a g e
STAGES IN AUDITING
1) Preliminary work:
a) The auditor should acquire knowledge of the regulatory
environment in which the bank operates. Thus, the auditor should
familiarize himself with the relevant provisions of applicable laws
and ascertain the scope of his duties and responsibilities in
accordance with such laws. He should be well acquainted with the
provisions of the Banking Regulation act, 1956 in the case of audit
of a banking company as far as they relate of preparation and
presentation of financial statements and their audit.
b) The auditor should also acquire knowledge of the economic
environment in which the bank operates. Similarly, the auditor
needs to acquire good working knowledge of the services offered by
the bank. In acquiring such knowledge, the auditor needs to be
aware of the many variation in the basic deposit, loan and treasury
services that are offered and continue to be developed by banks in
response to market conditions. To do so, the auditor needs to
understand the nature of services rendered through instruments such
as letters of credit, acceptances, forward contracts and other
similar instruments.
c) The auditor should also obtain and understanding of the
nature of books and records maintained and the terminology used by
the bank to describe various types of transaction and operations.
In case of joint auditors, it would be preferable that the auditor
also obtains a general understanding of the books and records, etc,
relating to the work of the other auditors, In addition to the
above, the auditor should undertake the following:
I.
Obtaining internal audit reports, inspection reports, inspection
reports and concurrent audit reports pertaining to the bank/branch.
18 | P a g e
II.
Obtaining the latest report of revenue or income and expenditure
audits, where available.
III.
In the case of branch auditors, obtaining the report given by
the outgoing branch manager to the incoming branch in the case of
change in incumbent at the branch during the year under audit, to
the extent the same is relevant for the audit.
d) RBI has introduced and offsite surveillance system for
commercial banks on various aspects of operations including
solvency, liquidity, asset quality, earnings, performance, insider
trading etc., and has indicated that such reports shall be
submitted at periodic intervals from the year commencing 1-04-1995.
It will be appropriate to be familiar with the reports submitted
and to review them to the event that they are relevant for the
purpose of audit.
e) In a computerized environment the audit procedure may have to
appropriately tuned to the circumstances, particularly as the books
are not authenticated as in manually maintained accounts and the
auditor may not have his in-house computer facility to taste the
software programmes. The emphasis would have to be laid on internal
control procedure related to inputs, security in the matter of
access to EDP system, use of codes, passwords, data inputs being
prepared by person independent of key operators and other build-in
procedure for data validation and system controls as to ensure
completeness and correctness of the transaction keyed in. system
documentation of the software may be obtained and examined.
f) One set of tests that the auditor at both the branch level
and head office level may apply for audit of banks in analytical
procedure.
19 | P a g e
2) Evaluation of internal control system:
It may be noted that transaction in banks are voluminous and
repetitive, and fall into limited categories/heads of account. It
may, therefore, be more appropriate that the evaluation of the
internal control is made for each class/category of transaction. If
the exercise of internal control evaluation is properly carried
out, it assist the auditor to determine the effectiveness or
otherwise of the control systems and accordingly enable him to
strengthen his audit procedures, and lay appropriate emphasis on
the risk prone areas. Internal control would include accounting
control administrative controls.
a) Accounting controls:
Accounting controls cover areas directly concerned with
recording of financial transactions and maintenance of such
registers/records as to ensure their reliability.
Internal accounting controls are also envisaging such procedures
as would determine responsibility and fix accountability with
regard to safeguarding of the assets of the bank. It would not be
out of place of mention that there is a distinction between
accounting system and internal accounting controls. Accounting
system envisages the processing of the transaction and events,
their recognition, and appropriate recording. Internal controls are
techniques, method and procedures so designed and usually built
into systems, as would enable prevention as well as detection of
errors, omissions or irregularities in the process of execution and
recording of transaction/events.
The internal accounting controls as would ensure prevention of
errors, omissions and irregularities would include following:
I.
No transaction can be registered/recorded unless it is
sanctioned/approved by the designated authority. 20 | P a g e
II.
Built- in dual control/supervisory procedures ensure that there
is an independent automatic check on input/vouchers.
III.
No single person has authority to initiate transaction and
record through all stages to the general ledger. Each day
transactions are accurately and promptly recorded, and the control
and subsidiary records are kept balanced through personnel
independent of each other.
The auditor would be well advised to look into other areas may
lead to detection of errors, omissions and irregularities, inter
alias in the following:
I.
Missing/loss of security paper, stationery forms.
II.
Accumulation of transactions/balances in nominal heads of
accounts like suspense, sundries, inter-branch accounts, or other
nominal head of accounts particularly if their accounts
particularly if these accounts are extensively used to balance
books, despite availability of information.
III.
Accumulation of old/large unexplained/unsubstantiated entries in
accounts with Reserve Bank of India and other banks and
institutions.
IV.
Transaction represented by mere book adjustments not
evidenced/substantiated or upon non-honoring of
contracts/commitments.
V.
Origination debits I head office accounts/inter-branch
accounts.
VI.
Analytical review procedure.
21 | P a g e
VII.
Serious irregularities pointer out in internal
audit/inspection/special audit
VIII.
Complaints/matters
pending
in
the
vigilance/grievances
cell,
as
regards
discrepancies in accounts of constituents, etc.
IX.
Results of periodic analytical review, if observed as
adverse.
a) Administrative control:
These are broadly concerned with the decision making process and
laying down of authority/delegation of powers by the management. It
may be noted that in the normal course, the head office use the
zonal/regional offices do not conduct any banking business. They
are generally responsible for administrative and policy decisions
which are executed at the branch level.
3) Preparation of audit programme for substantive testing and
its execution
Having familiarized him the requirements of audit, the auditor
should prepare an audit programme for substantive testing which
should adequately cover the scope of his work. In framing the audit
programme, due Weightage should be given by the auditor to areas
where, in his view, there are weaknesses in the internal controls.
The audit programme for the statutory auditors would be different
from that of the branch auditor. At the branch level, basic banking
operations are to be covered by the audit. On the other hand, the
statutory auditors at the head office (provisions for gratuity,
inter- office accounts, etc.). The scope of the work of the
statutory auditors would also involve dealing with various
accounting aspects and disclosure requirements arising out of the
branch returns.
22 | P a g e
4) Preparation and submission of audit report
The branch auditor forwards his report to the statutory auditors
who have to deal with the same in such manner, as they considered
necessary. It is desirable that the branch auditors reports are
adequately in unambiguous terms. As far as possible, the financial
impact of all qualification or adverse comments on the branch
accounts should be clearly brought out in the branch audit report.
It would assist the statutory auditors if a standard pattern of
reporting, say, head wise, commencing with assets, then liabilities
and thereafter items related to income and expenditure, is
followed.
In preparing the audit report, the auditor should keep in mind
the concept of materiality. Thus, items which do not materially
affect the view presented by the financial statements may be
ignored. However, in the judgment of the auditor, an item though
not material, is contrary to accounting principles or any
pronouncements of the Institute of Chartered Accountants of India
or in such as would require a review of the relevant procedure, it
would be appropriate for him to draw the attention of the
management to this aspect in his long form audit report. In all
cases, matters covering the statutory responsibilities of the
auditor should be dealt with in the main report. The LFAR should be
used to further elaborate matters contained in the main report and
as substitute thereof.
Similarly while framing his main report, the auditor should
consider, wherever practicable, the significance of various
comments in his LFAR, where any of the comments made by the auditor
therein is adverse, he should consider whether qualification in his
main report is necessary by using his discretion on the facts and
circumstances of each case. In may be emphasized that the main
report should be self-contained document.
23 | P a g e
TYPES OF AUDITThe entire process of audit depends upon the type
of audit. Type of audit to be conducted is to be selected
carefully, keeping in mind the objects of audit in each and every
case. Hence it is essential to study the various types of audit
before laying down the programme for any audit work.
CHART SHOWING DIFFERENTCLASSES OF AUDIT
BASED ON AUTHORITY
BASED ON SCOPE
BASED ON TIME
BASED ON OBJECT
OTHER TYPES
Statutory Audit Y
Non-Statutory Audit
Internal Audit
Complete Audit
Partial Audit
Continuous Audit
Final Audit
Interim Audit
Special Audit
Cost Audit
Management Audit
Social Audit
Balance Sheet Audit
Occasional Audit
Audit In Depth
Cash Audit
Operational Audit 24 | P a g e
BASED ON AUTHORITY: 1) Statutory Audit It is the audit, which is
compulsory under the law*Appointment of auditors, removal,
Remuneration, rights; duties, and liabilities are governed as per
the provisions 'of the respective law applicable to the
organisation. Scope of audit work and all other terms are as laid
down by the law. It can be conducted only by a qualified Chartered
Accountant.
2) Non-Statutory Audit Non-statutory audits are voluntary
audits. These audits are not compulsory under any law. Terms and
conditions of audit are determined as per the agreement made
between the auditor and proprietor for e.g. financial audit of a
sole trader or partnership firm. It also includes nonfinancial
audits e.g. internal audit, management audit, Operational audit,
Social audit, etc.
a) Private Audit The audit which is done for the satisfaction of
the owner is called private audit. This type of audit is not
compulsory at all. It may be conducted by sole proprietors,
partnership firms, family trusts, private trusts, etc. The various
types of private audit are i) Audit of Sole Proprietor Audit of
accounts of a sole-proprietor is not compulsory. However, he may
get his books audited for various reasons. Some of the reasons are:
1) 2) 3) For obtaining loan from bank and financial institutions.
For presenting authentic data to income tax and Sales tax
authorities. For his own satisfaction that his employees have
written the books of accounts properly and that there are no frauds
and errors. ii) Audit of partnership firms 1) Under partnership Act
it is not compulsory to audit the accounts. However in actual
practice it is not only advisable but even necessary to get them
audited 2) It helps to prevent disputes among the partners. 25 | P
a g e
3) 4) 5)
It facilitates borrowing from banks Audited accounts are
preferred by income tax and sales tax departments. Audited accounts
can be helpful in case of litigation.
3) Internal Audit
This type of audit is also optional. It is conducted by the
internal auditor who is appointed by the proprietor. Even the
employee of the organisation may be appointed as an internal
auditor to examine the books of accounts. All the terms and
conditions of audit work are determined by the agreement. The basic
purpose of internal audit is not only to examine the books of
accounts but also to review the present working and make valuable
suggestions to improve it.
BASED ON SCOPE: 1) Complete Audit In complete audit the auditors
have to check each and every transaction, voucher document etc.
relating to the transactions of business. This types of audit is
not possible in case of large business organizations. 2) Partial
Audit Sometimes auditor may be called upon to audit few books and
give his finding thereon. Sometimes he may be called upon to audit
only the payment side of cashbook or receipts side only. This is
called as Partial Audit. Auditor has to be very careful when he
undertakes this type of audit. Usually this type of audit is called
for when a fraud or misappropriation is" suspected. While
submitting the report auditor should clearly mention -the scope and
documents or books made available to him for his audit. Partial
audit is not practical. Such an audits possible where audit is not
a legal necessity.
26 | P a g e
BASED ON TIME:
1) CONTINUOUS AUDIT One where the auditor, or his staff, is
constantly engaged in checking the accounts
during the whole period or where the auditor or his staff
attends at regular or irregular intervals during the period.
Continuous audit means an audit at regular intervals throughout the
accounting year. Continuous audit, accounting and auditing work is
done side by side.
(2) FINAL /ANNUAL /PERIODICAL / COMPLETED AUDIT: Periodic audit
is also known as 'final or completed audit'. Final audit is carried
out continuously until it is completed. It is a past accounts
audit. In case of a final audit, the auditor gets hold of all the
books of accounts and the vouchers for the, accounting Period. He
is in possession of all the facts and figures relating to the
accounting period for which the audit is being conducted. In case
of this audit, the auditor visits the clients place only once and
remains there till the audit is over. Generally this type of audit
is appropriate for smaller business concerns. Generally majority of
audits are in the nature of Final Audits.
(3) INTERIM AUDIT: It is a kind of audit, which is conducted in
between the annual or final audits. It is conducted
to find out the interim profit and know the financial 'position
at the end of a part of the accounting year. This is usually
carried out at half yearly intervals. Hence, this is also called as
half yearly audit.
27 | P a g e
BASSED ON OBJECT : 1) SPECIAL AUDIT Under section 233 A of
companies Act, the central government has power to direct special
audit under following circumstances: a) When the affairs of any
company are not managed as per the sound business principles. b)
When the financial position of the company is such as to endanger
its solvency. c) When company is being managed in a manner which is
likely to cause serious injury or damage to the interest of trade
or industry The auditor appointed by the government is required to
report to the government.
2) COST AUDIT It is a type of audit, which involves verification
of cost records maintained by the organisation. Under section 233 B
of the companies Act, 1956 the central government may direct an
audit of cost records by a person who is qualified. Appointment of
auditor is done by the board of director subject to the approval of
the central government. The auditors repot to the government, the
copy of the report is send to the company. It has been defined as
the verification of the correctness of cost accounts and of
adherence to the cost accounting plan.
3) Management audit:'Management auditing is concerned with
review of operations and performance of management to improve
efficiency and effectiveness of the organisation. It is, thus, an
extension of internal audit function. Some authors use the terms
management auditing and operational auditing interchangeably
because of the close resemblance of methodology employed. But it
may be noted, although operational auditing is also concerned with
review of operations of an entity, management auditing, in addition
to it also includes review of managerial performance. Secondly, the
frame of reference of a management audit is derived, generally,
from the expectations of the external participants and not of
organisation's management as in case of operational auditing.
28 | P a g e
4) Social audit Social audit is a recent development in the
field of at it is based on the modern concept of social
responsibility of business. Social audit examines to what extent
the business is discharging the social responsibilities. It
examines the contribution of the concern to the society at
large.
Other types:
1) Balance sheet Audit Balance Sheet audit is of a recent
origin. It has acquired popularity in U.S.A. As the very name
suggests, balance sheet audit consists of verification of all the
items appearing in the balance sheet such as assets, capital,
reserves and liabilities of the business. Under 'balance sheet
audit, the auditor commences audit on the basis of the Balance
sheet, and he works back to the books of original entry and other
evidences. Though balance sheet audit concentrates mainly on
balance sheet items, it also includes an examination of those
transactions, which are appearing in the Profit and Loss Account
because balance of Profit and Loss Account appears in the balance
sheet. Thus, in balance sheet audit all the items contained in the
balance sheet and other related or allied items are verified
completely. The auditor' will check up general ledger also
(2) Occasional audit: This type of audit is carried out
occasionally as per the need of the business, T1V applicable to the
proprietary concerns such as sole traders and partnerships, it is
just a need-based audit. It is conducted at the desire of the owner
of the business. This of audit is not possible in case of Joint
Stock Company as the annual au; compulsory as provided in Companies
Act, 1956.
29 | P a g e
(3) Audit in Depth Under this type of audit, the auditor
examines thoroughly selected transactions right from their origin
to the conclusion. All records and documents pertaining to the
transactions are checked in detail. The basic purpose of this
type of audit is to whether the system of internal check or control
system is effective. This type of audit enables the auditor to
suggest to the management a better procedure for recording the
transactions to avoid any loopholes for committing frauds. 4) Cash
Audit Here the auditor examines only cash transactions. He examines
cash receipts and cash payments. Cash transactions are checked with
the help of receipts and vouchers and other evidences. The receipts
and payments may be capital or revenue in nature. 5) Operational
Audit Operational audit goes beyond financial audit. It is
conducted to see that the business operations are improved in
future. It guides the management in achieving organizational
objectives
30 | P a g e
INTRODUCTION TO BANK AUDIT
Bank Audit is a time bound exercise and it is full of challenges
and responsibilities. For those who approach this exercise with
scientific methods and proper planning The auditor has very limited
option as far as the availability of time is concerned, therefore,
the only option he has is to carry out the audit in a very
scientific manner so that he is able to conduct a purposeful audit
in the limited time.
Generally, the appointment letters are received in second or
third week of March and the auditors are expected to commence the
audit in the first week of April and to complete the audit, in one
visit and in all respect, by the end of second week of April.
Therefore, the time available for the completion of audit in all
respects is generally in the range of 4-5 days to a maximum of a
week or 10 days, irrespective of the size of the branch, volume of
business and nature of activities.
The banks are taking effective measures to address this issue
and some banks have allowed the auditors of large and very large
branches to visit the respective branches before the close of the
year. Such visits help the auditors to gather lot of first hand
information and insight about the branch and its business profile,
performance, NPA profile, client profile, level of computerization,
etc.
Generally, banks circulate detailed closing instructions to the
branches and the auditors well in advance. It is important to
review the instructions and to incorporate the significant
instructions in the audit plan/programme/checklist. With the latest
information available at the touch of button, it is very important
that to keep update about the significant developments in the
banking sector and to incorporate all the significant developments
in the audit programme/checklist.
31 | P a g e
As the concept of Peer Review is already put in place, it is
important that while carrying out the attest function due emphasis
is given to Auditing & Assurance Standards and other
pronouncements of the Institute while discharging the attest
function. Apart from this, it is also important to preserve all the
required documents/representations etc. for future reference.
Appointment of Auditor
The auditor of a banking company is to be appointed at the AGM
of the shareholders, auditor of a nationalised bank is to be
appointed by the bank concerned acting through its Board of
Directors. In either case, approval of the Reserve Bank is required
before the appointment is made. The auditors of the SBI are to be
appointed by the RBI in consultation with the Central Government.
The auditors of the subsidiaries of the SBI are to be appointed by
the SBI. The auditors of RRB's are to be appointed by the bank
concerned with the approval of the Central Government.
As mentioned earlier, the SBI Act, 1955, specifically provides
for appointment of two or more auditors. Besides, nationalised
banks and subsidiaries of SBI also generally appoint two or more
firms as joint auditors.
Remuneration of Auditor
The remuneration of auditor of a banking company is to be fixed
in accordance with the provisions of section 224 of the Companies
Act, 1956\i.e., by the company in general meeting or in such manner
as the company in general meeting may determine). (The remuneration
of auditors of nationalised banks and SBI is to be fixed by the RBI
in consultation with the Central Government. The remuneration of
auditors of subsidiaries of SBI is to be fixed by the latter. In
the case of RRB's, the auditors' remuneration is to be determined
by the bank concerned with the approval of the Central
Government.
32 | P a g e
Powers of Auditor:
The auditor of a banking company or of a nationalised bank, SBI,
a subsidiary of SBI/or a regional rural bank has the same powers as
those of company auditor in the matter of access to the books,
accounts, documents and voucher's. He is also entitled to require
from the officers of the bank such information and explanations as
he may think necessary for the performance of his duties. In the
case of a banking company, he is entitled to receive notice
relating to any general meeting. He is also entitled to attend any
general meeting and to be heard there at on any part of the
business, which concerns him as auditor
It may be noted that the Regional Rural Banks Act, 1976, does
not contain any provisions relating to audit of branches.
Accordingly, in the case of such banks, audit of branches is also
carried out by the auditors appointed for the bank as a whole.
33 | P a g e
AUDIT (Legal provisions)
The provisions of section 30 of the Banking Regulation Act
relating to audit apply to the banking companies. Sub-section (1B),
(1C) and (2) also apply to nationalized banks, regional rural banks
and the State Bank of India and its subsidiaries.
Section 30 reads as below:
(1) The balance sheet and profit and loss account prepared in
accordance with section 29 shall be audited by a person duly
qualified under any law for the time being in force to be an
auditor of companies.
(1-A) Not withstanding anything contained in any law for the
time being in force or in any contract to the contrary, every
banking company shall, before appointing, re-appointing or removing
any auditors, obtain the previous approval of the Reserve Bank.
(2) The auditor shall have the powers of, exercise the functions
vested in, and discharge the duties and be subject to the
liabilities and penalties imposed on, auditors of companies by
section 227 of the Companies Act, 1956 and auditors, if any
appointed by the law establishing constituting or forming the
banking company concerned.
(3) In addition to the matters, which under the aforesaid act
the auditor, is required to state in his report, (a) Whether or not
the information and explanations required by him have been found to
be satisfactory; (b) Whether or not the transactions of the company
which have come to his notice have been within the powers of the
company; (c) Whether or not the returns received from branch
offices of the company have been found adequate for the purposes of
his audit; 34 | P a g e
(d)
Whether the profit & loss account shows a true balance of
profit or loss for the period covered by such account;
(e)
Any other matter, which he considers, should be brought to the
notice of the shareholders of the company.
35 | P a g e
AUDITING AND ASSUARANCE STANDARD (AAS) XX:
The auditor should obtain an understanding of internal control
relevant to the audit. The auditor uses the understanding of
internal control to identify types of potential misstatements,
consider factors that affect the risks of material misstatement,
and design the nature, timing, and extent of further audit
procedures. Internal control relevant to the audit is discussed
below. Internal control, consists of the following components: (a)
The control environment. (b) Control activities. (c) Monitoring of
controls.
Controls Relevant to the Audit 1) There is a direct relationship
between an entity's objectives and the controls it implements to
provide reasonable assurance about their achievement. The entity's
objectives, and therefore controls, relate to financial reporting,
operations and compliance; however, not all of these objectives and
controls are relevant to the auditor's risk assessment. 2)
Ordinarily, controls that are relevant to an audit pertain to the
entity's objective of preparing financial statements for external
purposes that give a true and fair view (or are presented fairly,
in all material respects) in accordance with the applicable
financial reporting framework and the management of risk that may
give rise to a material misstatement in those financial statements.
It is a matter of the auditor's professional judgment, subject to
the requirements of this AAS, whether a control, individually or in
combination with others, is relevant to the auditor's
considerations in assessing the risks of material misstatement and
designing and performing further procedures in response to assessed
risks. In exercising that judgment, the auditor considers the
circumstances, the applicable component and factors such as the
following: The auditor's judgment about materiality. The size of
the entity. 36 | P a g e
The nature of the entity's business, including its organization
and ownership characteristics. The diversity and complexity of the
entity's operations. Applicable legal and regulatory requirements.
The nature and complexity of the systems that are part of the
entity's internal control, including the use of service
organizations. 3) Controls relating to operations and compliance
objectives may, however, be relevant to an audit if they pertain to
data the auditor evaluates or uses in applying audit procedures.
For example, controls pertaining to non-financial data that the
auditor uses in analytical procedures, such as production
statistics, or controls pertaining to detecting non-compliance with
laws and regulations that may have a direct and material effect on
the financial statements, such as controls over compliance with
income tax laws and regulations used to determine the income tax
provision, may be relevant to an audit. 4) Internal control over
safeguarding of assets against unauthorized acquisition, use, or
disposition may include controls relating to financial reporting
and operations objectives. In obtaining an understanding of each of
the components of internal control, the auditor's consideration of
safeguarding controls is generally limited to those relevant to the
reliability of financial reporting. For example, use of access
controls, such as passwords, that limit access to the data and
programs that process cash disbursements may be relevant to a
financial statement audit. Conversely, controls to prevent the
excessive use of materials in production generally are not relevant
to a financial statement audit.
Control Activities 1) The auditor should obtain a sufficient
understanding of control activities to assess the risks of material
mis-statement at the assertion level and to design further audit
procedures responsive to assessed risks. Control activities are the
policies and procedures that help ensure that management directives
are carried out; for example, that necessary actions are taken to
address risks that threaten the achievement of the entity's
objectives. Control activities, whether within IT or manual
systems, have various objectives and are applied at
37 | P a g e
various organizational and functional levels. Examples of
specific control activities include those relating to the
following: Authorization, Performance reviews, formation
processing, Physical controls,
Segregation of duties 2) General IT-controls are policies and
procedures that relate to many applications and support the
effective functioning of application controls by helping to ensure
the continued proper operation of information systems. General
IT-controls that maintain the integrity of information and security
of data commonly include controls over the following: Data centre
and network operations. System software acquisition, change and
maintenance. Access security. Application system acquisition,
development, and maintenance.
The auditor should document:
The manner in which these matters are documented is for the
auditor to determine using professional judgment. In particular,
the results of the risk assessment may be documented separately, or
may be documented as part of the auditor's documentation of further
procedures. Examples of common techniques, used alone or in
combination include narrative descriptions, questionnaires, check
lists and flow charts. Such techniques may also be useful in
documenting the auditor's assessment of the risks of material
misstatement at the overall financial statement and assertions
level.
For example, documentation of the understanding of a complex
information system in which a large volume of transactions are
electronically initiated, recorded, processed, or reported may
include flowcharts, questionnaires, or decision tables. For an
information system making limited or no use of IT or for which few
transactions are processed (say, long-term debt), documentation in
the form of a memorandum may be sufficient. Ordinarily, the more
complex the entity and the more extensive the audit procedures
performed by the auditor, the more 38 | P a g e
extensive the auditor's documentation will be. AAS 3,
"Documentation" provides guidance regarding documentation in the
context of the audit of financial statements.
Effective Date This Auditing and Assurance Standards is
effective for audits related to accounting periods beginning on or
after 1st April, 2007.
39 | P a g e
PREPARATION AND PLANNING FOR AUDIT
The audit preparation and planning should start immediately on
receipt of the appointment letter and the auditor should not wait
until actual commencement of audit for the same. The various stages
involved in audit preparation and planning and the other related
issues have been discussed below in detail.
STAGE I: AT THE OFFICE UNDERSTANDING THE BASIC SCOPE OF AUDIT:
Broadly the scope of audit can be divided into three main parts: 1.
Authentication of closing returns such as: a) Balance Sheet. b)
Profit and Loss Account either for the full year or for two half
years. c) Master Summary of advances containing asset
classification. d) Statement of furniture/fixtures, computers, etc.
and depreciation. e) Statement of Capital Adequacy. f) Statement of
maturity pattern of loans & advances and deposits. g) Statement
of maturity pattern of foreign currency assets and liabilities. h)
Statement of maturity pattern of borrowings. i) Statement of cash
and bank balance on twelve odd dates. j) Statement of lending to
sensitive sectors. k) Statement of movements in NPA. 1) Statement
of advances made by rural branches.
2. Issuance of certificates in relation to: a) Claim for PMRY
subsidy. b) Refund of DICGC claim. c) Asset classification, income
recognition and provisioning. d) Memorandum of Changes (MOC) for
previous year. 40 | P a g e
e) Investments, if any, held on behalf of Head office.
3. Issuance of reports including special purpose
reports/certificates such as: a) Auditors Report. b) Long Form
Audit Report. c) Tax Audit Report. d) Compliance certificate in
respect of implementation of recommendations of Ghosh & Jilani
Committees. The scope is illustrative and not exhaustive and it may
differ from bank to bank.
COMMUNICATION WITH THE BRANCH
Generally, the appointment letter issued by the HO/CO also
contains the details like complete postal address and contact
numbers of the branch, name of the branch head, business portfolio
of the branch, etc. If these details are not mentioned in the
appointment letter, the same must be obtained.
Depending upon the business profile of the branch, the auditor
must issue written communication for all the audit requirements to
the branch. PREPARATION OF AUDIT PROGRAMME 1. While
preparing/updating audit programme due importance must be given to
a) Auditing & Assurance Standards and other pronouncements of
the Institute. b) Provisions of the governing statutes. c) Latest
closing instructions. d) Latest business profile. e) Audited and
un-audited financial statements. f) LFAR for the previous year. g)
Guidelines and circulars issued by RBI. h) Past experience of bank
audit. 41 | P a g e
2. Generally, the information about the closing returns to be
signed and certificates and reports to be issued is mentioned in
the appointment letter and/or the closing instructions issued by
the HO/CO. It must be ensured that all this information is properly
updated/incorporated in the audit programme and all the related
instructions for the closing returns, certificates, reports, etc.,
are incorporated in the audit checklist. 3. As most of the
branches/operations are computerized, due emphasis must be given to
the level of computerization at the branch level. The audit
approach in case of a computerized branch is totally different from
the one adopted in case of the branch maintaining manual records.
4. The audit programme must be flexible and have substantial scope
for modification/revision during the course of audit.
STANDARDIZATION OF WORKING PAPERS 1. As the scope of audit is
very wide and the time available is very limited, there are
chances
that the (a) Critical/important areas are either completely
omitted or not audited thoroughly by the team. (b) Proper noting of
important issues observed is not made. (c) More time is devoted on
insignificant matters/areas. 2. In order to avoid such
possibilities, it is advisable that all the working papers
including
audit programme/checklist and audit memo/query sheet are
standardized.
STAGE II: AT THE BRANCH UNDERSTANDING THE EDP ENVIRONMENT 1.
Before commencing the audit, it is very important to understand the
EDP environment at the branch. The team must interact with the EDP
department at the branch to gain an understanding of the overall
EDP environment.
42 | P a g e
2.
The team must review the report on System Audit, if any,
conducted during the year. The team must also review the reports of
concurrent auditors, RBI Inspectors and Internal Inspectors to
understand the overall EDP environment at the branch.
3.
The audit team must be properly briefed about (a) The approach
of audit in the computerized environment. (b) The system of data
processing and generation of various outputs at the branch. (c) The
importance of proper understanding and verification of the output
before placing reliance. (d) The basic differences between the
Automated Ledger Posting Machine (ALPM) branches, Total Branch
Mechanization (TBM) branches and branches under Core Banking
Solutions (CBS).
4.
At times, the branches continue to use old version of the
software even though latest version is supplied. It must be ensured
that the version being used by the branch is the latest version
that is supplied by the controlling authorities.
5.
The
branches
are
required
to
maintain
logbook
for
recording
any
disruption/corruption/breakdown that may arise in the software/
hardware at the branch. The logbook must be reviewed to understand
the implication of the systemic issues on the overall presentation
of the financial statements.
EXECUTION OF AUDIT During execution of audit, following
important aspects must be borne in mind: 1. The audit programme and
the checklists must be suitably updated/ modified in the light of
the understanding gathered about the overall functioning of the
branch. 2. 4. The audit observations must be discussed on a daily
basis. The documentation and proper filing must be given due
importance. All the audit memos along with the supporting documents
must be systematically filed on a daily basis. 5. The final issues
affecting the true and fair view and other disclosures must be
discussed with the branch management.
43 | P a g e
COMPLETION OF AUDIT At the final stage, the following important
aspects must be borne in mind: 1. The auditor must ensure that all
the audited closing returns, reports and certificates have been
duly signed and stamped. 2. 3. It must be ensured that LFAR has
also been prepared and discussed with the branch. Tax audit must
also be completed during the course of statutory audit, as no
separate visit is allowed for the same. 4. The copies of the
audited closing returns, reports and certificates are obtained for
the purpose of filing. 5. 6. Necessary representation letter must
be obtained from the branch management. In case the Bank requires
Attendance Certificate to be submitted along with the bill, ensure
that the same has been obtained in the prescribed format.
AUDIT OF BL. AND P&L:
The statutory audit of banks and their branches is generally
described as Balance Sheet Audit. The audit procedures followed in
case of banks are to some extent different from those followed in
case of other entities. The reason being the system of accounting
followed and the nature of records maintained by the banks. Before
we proceed with the Balance Sheet and the Profit & Loss
Account, it is advisable to gain an understanding of accounting
system and the nature of records of the branch.
The suggested audit approach in respect of the various items of
the Balance Sheet and the Profit & Loss Account is as follows:
GENERAL APPROACH 1. It is advisable to (a) Compare figures in the
manual formats/closing returns prepared by the branch with the
system generated outputs of the trial balance and groupings. 44 | P
a g e
(b) Ensure completeness of the data/output provided before
commencement of verification thereof. (c) Understand the nature of
unusual accounts, the accounting entries thereof and the
implication of balances appearing in those accounts. (d) Identify
the accounts to be verified in detail.
2. Generally, the branches are instructed to generate the hard
copies of ledgers and other records as per the specified
periodicity. These records are available for the purpose of
verification by the auditors. 3. Generally, the extract of
significant accounting policies followed by the bank as a whole is
provided to the branch and the branch auditor. In case it is not
made available the same should be obtained. Many a times, the
branch follows different accounting policy specially while
recognizing guarantee commission, overdue interest on advances,
discount on bills, accruing interest on overdue deposits,
prepaid/unpaid expenses, etc. It must be ensured that the branch
does not violate the significant accounting policies followed by
the bank. 4. As the figures are inserted manually in the formats,
it is important to ensure these are free from totaling errors. In
case there is overwriting, cancellation, use of white ink, etc., in
the formats, it must be ensured that the same are properly stamped
and initialled by the branch and the auditor. 5. In respect of
certain items of the balance sheet and profit and loss account that
are expressed in foreign currency like FCNR deposits and interest
thereon, Foreign letter of credit, Foreign currency loan and
interest thereon, etc., it must be ensured that the year-end
figures are revalued as per the prescribed procedures. In case
there are no stated guidelines for the same, the procedure adopted
by the branch for revaluation or the fact that no such revaluation
is done as at the year-end must be stated in the audit report.
45 | P a g e
SPECIFIC AUDIT APPROACH FOR MAJOR ITEMS OF BALANCE SHEET PART I:
ASSETS 1. Cash a) Evaluate the effectiveness of internal controls
being exercised by the branch by making enquiries about the daily
verification of cash at the opening and the closing hours,
maintenance of cash related registers and vault regi'ster, safety
of cash cabin, dual custody of cash, safe keeping of vault and cash
box keys, recording of movements of keys, dual custody of the keys,
security arrangements for cash movements, decoy money, daily cash
holding and retention limit, etc. b) Review the reports of the
concurrent auditors to ascertain the level and effectiveness of
internal controls and also ascertain the frequency of cash
verification carried out by the concurrent auditors. c) Verify the
closing cash balance at the branch and the extension counter/ATM
center connected to the branch as on the last day of the year or as
of any day during the course of audit in the presence of the
cashier and the manager.
2.
Balances with Reserve Bank of India, State Bank of India and
other Banks Verify the balances as per the books with the balance
confirmation certificates received from
these banks. Ensure that the matters to be reported in LFAR have
been duly verified and incorporated. 3. Money at call and short
Notice Generally these assets are not held or dealt with at the
branch level. 4. Investments Generally these assets are not held or
dealt with at the branch level. 5. Advances The audit approach in
respect of advances is covered in detail in audit of advances 6.
Furnitures, fixtures, computers and office equipments a) Evaluate
the effectiveness of internal controls over acquisition, recording,
identification, safeguarding and periodic verification of these
items. 46 | P a g e
b) Verify the major additions and deletions/disposals with the
related supporting documents such as invoices, challans, etc.
7.
Other asset - Inter Office adjustments (NET) a) Understand the
basic nature of such transactions, the relevance thereof for the
overall presentation of financial statements and the procedure for
recording such transactions. b) Ensure that the closing balance
shown in the statement of the last day of the year tallies with the
corresponding balance in General Ledger. c) Comment of very old and
high value un-reconciled items.
8.
Other asset - Interest accrued Ascertain the system of accruing
interest on advances in the computerized branch in the
light of RBI guidelines for monthly charging of interest. 9.
Other asset - Suspense account a) Understand the guidelines issued
by HO for operating suspense account. b) c) d) Obtain the details
of entries/items outstanding as at the year-end. Identify the
provision to be made in respect of very old entries. Ensure that
the matters to be reported in LFAR have been duly verified and
incorporated. 10. Other asset - Stationery and stamps Evaluate
the effectiveness of internal controls exercised by the branch for
acquisition, recording, usage, physical verification, dual custody,
access, etc., for stamps, deposit receipts, drafts, pay-orders,
cheque books, traveller's cheques, gift cheques, etc. 12. Other
asset - Miscellaneous debits in Government accounts Generally the
balance outstanding in this account indicates the pending claims to
be received from the Government towards pension, provident fund,
etc., paid by the branch on behalf of the Government. 13. Other
asset - Security deposits It relates to telephone deposit, mobile
deposit, electricity deposit, deposit paid to the landlord for
leased premises, etc. 47 | P a g e
PART II: LIABILITIES 1. Deposits a) Ensure that the balances as
per the subsidiary ledgers of various deposit accounts are duly
balanced and tallied with the respective balances in the general
ledger. Any difference in the balancing should be reported in the
audit report. b) Understand the types of various deposits held by
the branch and the salient features of those deposits with
reference to the due dates for application, accrual, compounding
and payment of interest. c) Ascertain that the branch has complied
with the RBI guidelines related to opening and maintenance of
deposit accounts including NRI deposit accounts. More emphasis
should be given to KYC norms, operations in new accounts, heavy
cash deposits and withdrawals, etc. Any serious discrepancy in this
regard should be reported.
2.
Borrowings Generally borrowings are not held or dealt with at
the branch level.
3.
Bills payable a) Generally bills payable relates to pay-order
(PO), demand draft (DD), telegraphic
transfer (TT) and mail transfer (MT) and banker's cheque issued
by the branch. The balances in these accounts indicate progressive
balance that is subject to reconciliation at HO level. b) Ensure
that the details of lost demand drafts, if any, circulated by RO/HO
is readily
available with the branch.
4. 5.
Inter-office adjustment (NET) For details refer item 7 of PART
I. Interest accrue Ascertain the system of accruing interest on
deposits in the computerized branch. Generally interest on deposits
is accrued at the last day of the month and is reversed on the
first day of the succeeding month. 48 | P a g e
6.
Other liabilities - Rebate on Bills discounted a) Ascertain that
the branch has complied with the related accounting policy and
necessary accounting has been done in respect of discount
received in advance for the unexpired period of the bills
outstanding as at the year-end. b) In case the bill-wise details
are not made available and the amount of rebate is
material, report the fact in the audit report. 7. Other
liabilities - Tax deducted at source `Normally tax is deducted at
source as per the Income Tax Act, 1961 in respect of interest on
term deposit, staff salaries, rent, professional charges and
payments made to the contractors, etc. 8. Other Liability -
unrealized interest on NPA a) This account is also referred to as
Interest Suspense, De-recognized Interest, etc.
b) Generally the branches are required to maintain subsidiary
ledger/register for recording account-wise details of unrealized
interest.
9. Other liabilities Others a) This could include sundry
deposits, staff security deposit, margin money and statutory dues
such as deduction of professional tax, provident fund, ESI, etc. b)
In respect of the statutory dues, ensure that proper reporting has
been done in the Tax Audit Report.
PART III: CONTINGENT LIABILITY 1. Claims against the Bank not
acknowledged as debts a) Generally this includes disputed amounts
of lease rent, property tax, etc., in respect of premises taken on
lease. b) Obtain suitable representation from the branch about the
completeness of the disclosure of such contingent liabilities. 2.
Guarantees and acceptances, endorsements & other obligations 49
| P a g e
Obtain the list of un-expired guarantees and letters of credit.
In case the list is not made available, report the fact in the
audit report.
PART IV: BILLS FOR COLLECTION (CONTRA ITEMS) a) Obtain the list
of bills /or collection (inward and outward) outstanding as at the
year-
end and verify the same with the related registers maintained by
the branch. b) Ascertain that age of the outstanding bills and the
reasons for old items.
SPECIFIC AUDIT APPROACH FOR MAJOR ITEMS OF PROFIT AND LOSS
ACCOUNT PART I: INCOME 1. Interest/discount on advances/bills a)
Evaluate the overall effectiveness of internal controls through the
reports of
concurrent auditors and other agencies. b) Ascertain the nature
and the extent of revenue leakage detected by the concurrent
auditors. c) Ascertain that the branch has complied with HO
instructions for recognizing penal interest and overdue interest.
2. Other income - commission, exchange and brokerage a) It normally
includes commission/exchange on letters of credit, guarantees,
remittances and transfer of funds through DD, TT, MT, etc.,
bills for collection and Government business. b) Ensure that the
branch has complied with the provisions of Service Tax and
other
taxes applicable on services. 3. Other income - profit on sale
of fixed assets a) It normally includes profit or loss (net) on
sale of motor vehicle, furniture and
fixtures, computers and other fixed assets held by the branch.
b) Ensure that proper accounting has been done for the depreciation
till the date of
disposal as per the accounting policy framed by the bank.
50 | P a g e
4.
Other income - miscellaneous income a) It normally includes
locker rent, recovery of godown rent, income from bank's
property, security charges, etc. b) In case locker rent is
recovered in advance for a year or more, ensure that the same
is properly apportioned on time period basis or as per the
accounting policy advised by HO. PART II: EXPENDITURE 1. Interest
on deposits a) Evaluate the overall effectiveness of internal
controls through the reports of
concurrent auditors and other agencies. b) Obtain copies of
applicable interest rate circulars issued by HO and verify the
rate
applied for certain deposit accounts. More emphasis should be
given to changes in the rates, premature closures, back-dated
renewals, high value deposits, short-term deposits, staff deposits,
special category of deposits, tax deduction at source, etc.
2.
Salary & allowances to staff a) Generally monthly salary and
allowances to staff are processed centrally either at
RO or at any other main branches and the related records are
also maintained there. The monthly salary sheets are then passed on
to the respective branches and the payment is made by those
branches. In such a situation, it must be ensured that the branch
has properly accounted the payments for the entire year.
3. Rent a) Obtain the details of the rented premises used by the
branch either for the branch
operations or for the officers/managers and the copies of the
rent agreements. b) In case the lessor has availed loan against the
rent payable by the branch ensure that the rent is properly
appropriated towards the loan outstanding.
51 | P a g e
4.
Electricity a) Obtain the details of connections that are used
for the branch premises and for the
staff premises. b) Ensure that the payment is made as per the
original bills held by the branch.
5.
Printing & stationery Generally HO or any centralised
department of the bank ! supplies major stationery
items like security items, etc., to the branches. At branch
level, these items are recorded in the memorandum registers for the
purpose of internal control. In case these items are recorded in
the main books, ensure that the same are properly accounted as per
the advices received from the HO. 6. Depreciation a) Ensure that
the depreciation has been charged as per the rates and the
method
prescribed in the HO instructions especially with reference to
additions and deletions during the year. More emphasis should be
given to inter branch transfer of assets and the depreciation
thereon. b) Generally the branches commit mistakes in identifying
revenue and capital expenditure. In case such mistakes are observed
during the course of audit, it is advisable to identify the
corresponding impact on the depreciation.
7.
Legal charges Ensure that these payments are made on the basis
of the bills and other supporting
documents. More emphasis should be given to the
approval/sanction of higher authorities required for making such
payments.
8.
Postage, telegram & telephone a) Obtain the list of
telephone connections used in the branch premises and
residential
premises of the staff, as per the policy of the bank. c) Ensure
that the payments are made as per the original bills held by the
branch. 52 | P a g e
9.
Repairs & Maintenance Normally it includes expenditure
incurred on repairs and maintenance of vehicles,
furniture, fixtures, premises, etc., and annual maintenance
contracts (AMC) for computers, air conditioners, etc.
10. Insurance a) Normally it includes expenditure incurred on
insurance of office equipments
installed at the branch like computers, air conditioners, etc.
d) Obtain the details of insurance policies, if any, held by the
branch.
11. Other expenditure It includes all other expenditure
including professional charges, concurrent audit fees, etc., that
is not included in any of the specific heads.
53 | P a g e
AUDIT OF ADVANCES PART I: INTRODUCTION Loans and advances
constitute major portion of the assets of any branch and interest
thereon is the major source of revenue for any branch. In view of
the significance attached to this item, it is important for the
auditor to thoroughly understand the scope of the audit and the
reporting requirements. It is advisable to standardise the basic
format of the scope of audit and also the notes to be prepared by
the team at every stage of the verification. While verifying the
advances it is important to keep in mind the requirements of LFAR,
recommendations of Ghosh and Jilani Committees, Prudential Norms of
RBI and various certificates to be issued. PART II: AUDIT PROCEDURE
(Account level) 1. It is advisable to cover the following important
aspects while verifying advances: (a) Compliance with terms and
conditions as per the sanction letter. (b) Regular submission of
stock and book-debt statements, QIS/ MSOD and audited and
un-audited financial statements. (c) Adequacy of insurance
coverage. (d) Adequacy of security coverage. (e) Quality of credit
monitoring. (f) Regular renewal/review of limits. 2. It is
advisable to review the following records/documents: (a) Latest
sanction letter. (b) Latest correspondence files. (c) Stock &
book-debt statements. (d) Latest audited and un-audited financial
statements. (e) Insurance policies. (f) Latest valuation reports.
(g) Latest stock-audit report, wherever applicable. (h) Legal
documents. 54 | P a g e
(i) Latest inspection reports. (j) Minutes of consortium
meetings, wherever applicable. (k) Review/Renewal proposal, if any,
for expired limits.
PART III: IMPORTANT ASPECTS OF PRUDENTIAL NORMS While verifying
compliance of the prudential norms issued by RBI give more emphasis
on: a) b) c) d) e) f) g) h) Operations in the accounts of the
borrower. Possibility of window dressing in the account. Reversal
of unrealised interest. Identification of the date of NPA.
Valuation of security. Accounts upgraded from NPA category to
standard category. Potential NPA. Standard accounts with lowest
credit rating
i) Standard accounts with negative net worth/under BIFR. j)
Asset classification by the other consortium members.
55 | P a g e
AUDITING IN COMPUTERISED ENVIRONMENT
Technology and its progress has often been linked to progress of
civilization. From the time man learnt to control fire to the iron
and Bronze Age, we have noted that the control over inventions like
guns and cannons have given certain civilizations the upper hand
over the ones they conquered. It is not necessary for the
inventions and progress to be restricted to the field of military
or defence. Progress in Banking is an equal parameter of the
cultural development of a civilization and like any other field;
this sector is not spared from the technical revolution, which has
taken over other sectors. This delves into the necessity of value
added APPROACH to the traditional audit and not solely dependent on
the system auditors. These approaches are general and can be
applied to any environment whether LAN Branch or a core banking
situation.
Is the burden shifted to the system auditor? There is unlikely
any professional who will take this stand of shifting the burden to
the other auditor. There are a few checks you can do without
undergoing intensive training and examination! Please note that the
computer system environment referred to here is a minimum of LAN
(Local Area Network) or even a Core system where the data hub is at
a Central Location and the branches/offices are connected to this
data hub despite being many cities away. Apart from the large
corporations and multinationals, many Banks, even large cooperative
Banks have taken this option. Even the branch auditor, thus, has to
take certain precautions to ensure he gives justice to his
work.
56 | P a g e
PHYSICAL ACCESS CONTROL
In case the site is a LAN, the Server should be secure since the
software and data is located in this device. Access to the Server
room should be restricted and only senior management should permit
'outsiders' like software and hardware vendors to enter the server
room. Many of the frauds that have already occurred in India would
have been prevented only if this access was closely monitored.
Apart from protecting the server from bad intentioned persons, we
have to ensure it is protected from accidents of fire and water by
installation of smoke alarms in the server room and extinguishers
outside the server room. In case of core banking, the devices used
for communication should be accorded the status of protection of
the server. Computers require electrical power for working and when
the environment is live, work comes to a standstill unless power is
provided though a UPS (Uninterrupted Power Supply) This has battery
bank and is activated immediately when the power fails providing a
continuous power without any interruption. These machines heat when
generating power and if proper ventilation is not provided, these
UPS will provide service for shorter durations not only
compromising the work but also wasting the investment of the
company. Simple rules of maintenance should also be followed and
monitored. While all pay attention to the application software
access, many forget to police the access to the operating system.
File copy, deletion even data manipulation (especially under
database environments) etc. are some potential disasters that are
possible unless controlled. You will have to ensure that the
company holds the original license for using the operating system
software. Ensure whether the original Operating System Media
supplied by the vendor is available in the Company. This is
necessary to ensure reloading in case of accidental corruption.
Only if the company has the system can it be loaded without waiting
for the vendor's representative. The application developed for the
company should be encoded and not left in a manner that can be
re-programmed by the user. This will enable any person knowing a
bit of programming of that language to design trapdoors for fraud
and these are later very difficult to identify. Over here,
'Prevention is easier than the cure'.
ENVIRONMENTAL SECURITY
SAFEGUARDING OF ASSETS -UPS
OPERATING SYSTEM CONTROLS
APPLICATION SYSTEM CONTROL
57 | P a g e
PASSWORD AND ACCESS CONTROL
Password control is the 'logical' access to the computer. The
system should have passwords and these should be demanded by the
system to changed frequently ensuring that the last password is not
accepted, (not accepting last 12 is the least) Along with this, the
'internal control' should be ensured by the system ensuring that
the person creating the voucher should not be permitted to
authorize the voucher and without authorization, no voucher (other
than system generated vouchers) should be accepted by the system.
The corollary of this requirement is to ensure (check) that each
user has only one identity in the system otherwise one person will
take the identity of the clerk and with a change in short name take
another identity of an officer thus effectively compromising the
system.
Checklist for Audit of Computerized Operations ENVIRONMENT 1.
Securing the The machines should be locked at the end of the day.
Ensure that either the computers furniture, which is adjusted for
locking, is locked or that the hardware lock of the computer is
used. This is a simple point often ignored. Unlocked computer means
any one can start it and the only hurdle after that is the
password. Poor password maintenance further compounds risk of
unlocked computers. Securing During computer operations especially
during service hours, it is not during uncommon for the operator to
leave his/her seat. The operator and thus you operations as an
auditor should ensure that the operator either exits from the
system or leaves it at a point where it cannot proceed without a
password.
2.
Password Password is a key to something more valuable than cash
- data No. Check for 1, Password allotment register Discussion on
checkpoint When a password is allotted, entry is made in this
register. This is similar to the key register where entries are
made at time of giving keys. Check here whether the password level
is also specified. Authority to give password is to the branch
manager and those who hold supervisor password.
58 | P a g e
2.
Password Change register
3.
Where software does not control change in password (where not
only warnings are given but user is disabled unless the password is
changed after specified date) a register has to be shown to you
with dates of change of password. In absence of this register, you
do not have evidence that the passwords are changed frequently. Two
to Supervisor password level permits the holder of this password
unlimited access. three Ensure there are a minimum of two and a
maximum of three such holders. supervisors Check the systems and
procedure manual of the Bank in case they specify a only different
figure.
Cheque related transactions No. Check for Discussion on
checkpoint 1. Audit trail listing cheques out of range Audit trail
for date Check if chequebooks issued are updated to the customer's
master on the same and a record of the same is maintained.
2.
3.
Ensure that stop payment instructions are updated immediately on
receipt of the instruction. Audit trail will give date of entry of
such a stop payment. Verify with date of receipt written on the
letter of the account holder. It should be the same day. Minimum
Accounts having chequebook facility (savings/current) require
having a specified balance minimum balance. Ensure minimum balance
charges are levied in case the charges balance falls below the
minimum level. In good systems, this information is asked in the
'parameter' file and thus the charges are correctly levied either
every month or every quarter.
59 | P a g e
System audit framework
Need of Systems Audit: Since computer is so important for
survival and progress of any organisation, it is necessary to have
suitable controls and regular checks on Computer Resources and Data
Processing Activities. System audit attempts to achieve this
objective. System audit does not deal with the computer system
alone but it deals with the audit of the system as a whole. It is
felt necessary because a computer system is an integral part of the
total business system. System audit attempts to link computer
systems and manual systems in the overall system. It is
particularly relevant for our country because we have a business
environment, which is combination of computer system and manual
system. OBJECTIVES OF SYSTEMS AUDIT The basic objectives of Systems
Audit are to ensure: a) The assets are safeguarded in the system b)
Data integrity is maintained throughout the system c)
Organisational goals are effectively achieved by the system d)
Resources in the system are being consumed efficiently Computer
System Vs. Manual System Any system, manual or computerised, must
have some internal controls. These internal controls ensure Asset
Safeguarding, Data Integrity, Achievement of Organisational Goals
and Efficient Consumption of Resources within the
Organisation. However, nature of these internal controls and
their implementation may vary widely in Manual System and
Computerised System, for the following factors: a) Separation of
duties b) Authority and responsibility c) Dependable and skilled
personnel d) Authorisation e) Availability of documents and records
60 | P a g e
f) Custody of assets and records g) Management by supervision h)
Verification of performance
61 | P a g e
FRAUD DETECTION AND AUDIT IN BANKSVigilance and Fraud share a
peculiar relationship. Whichever works faster and better makes the
difference. In the case of frauds in the financial sector, there is
no limit as to how bad things can get. Maladies in any organisation
are more due to non-adherence of internal control mechanism rather
than the absence of it.
Fraud is considered as a white-collar crime. In a most common
modus operandi of committing the fraud the fraudster studies the
procedures and processes adopted by a commercial entity for putting
financial and funds transactions, ascertains the loopholes in the
systems and then exploits it to the advantage in such a way that it
does not come to light immediately. However, it is only a question
of time before it is detected.
In the matter of preventing fraud, internal audit has an
advantage over the external audit in the sense that it has an
understanding of how the system works so as to initiate quick
steps. Internal audit would be privy to the dynamics of
decision-making and the process behind them in an organization. A
vigilant internal audit team would be able to bring in the
requisite transparency and through this, proper accountability.
Computerised Banking Environment:The basic purpose of
computerising and mechanisation of more and more business is to
contain the occurrence of frauds due to manual intervention,
besides improving overall efficiency for ensuring better customer
service. But, over dependence on the staff of computer vendors and
laxity coupled with lack of IT knowledge paved way for occurrence
of frauds. Some of the frauds and the modus operandi of the same
are summarized below: O Significant exposure of the banking
activities to the employee of a software vendor, while later is
providing the maintenance service.
62 | P a g e
O At the time of half-yearly crediting of interest in the huge
operative savings bank account, substantial amount may be credited
by inflating interest paid on deposit account by erasing genuine
debits/fraudulent credits in